Private/Test/Test-IsDomainUser.ps1

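function Test-IsDomainUser {
    <#
        .SYNOPSIS
        Tests if the current user account is a domain account.

        .DESCRIPTION
        Checks if the current user is logged in with a domain account by attempting
        to retrieve the current Active Directory domain context. If successful, the
        user is authenticated with domain credentials.

        This is more reliable than simple string comparisons and properly handles
        workgroup scenarios, Azure AD joined machines, and local accounts.

        This is useful for determining authentication context and permissions
        when auditing Active Directory Certificate Services.

        .INPUTS
        None. This function does not accept pipeline input.

        .OUTPUTS
        System.Boolean
        Returns $true if the current user is using a domain account.
        Returns $false if using a local account, workgroup account, or if domain cannot be determined.

        .EXAMPLE
        Test-IsDomainUser
        Returns $true if logged in as DOMAIN\Username (domain account).

        .EXAMPLE
        if (Test-IsDomainUser) {
            Write-Host "Running with domain account credentials"
        } else {
            Write-Host "Running with non-domain account credentials"
        }
        Conditionally executes code based on account type.

        .NOTES
        This function attempts to access the Active Directory domain context.
        Failures indicate the user is not authenticated to an AD domain.

        Handles edge cases:
        - Workgroup machines (returns $false)
        - Azure AD/Entra ID joined machines (returns $false)
        - Local accounts on domain-joined machines (returns $false)
        - Domain accounts (returns $true)

        Caveats:
        - Every exception raised by the lookup is reported as $false, so a domain
          that cannot be reached at call time is indistinguishable from a
          non-domain account. Run with -Verbose to see the underlying error.
        - The result describes the execution context only. Use it to choose which
          checks to run, not as an authorization decision.
        - The Domain object returned by GetCurrentDomain() is disposed before the
          function returns.

        .LINK
        https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.domain
    #>

    [CmdletBinding()]
    [OutputType([bool])]
    param (
    )

    # NOTE: a #requires statement applies to the whole script file, not only to this function.
    #requires -Version 5.1

    # Initialised before the try block so the finally block can test it safely
    # (also under Set-StrictMode) when GetCurrentDomain() throws before assignment.
    $domain = $null

    try {
        Write-Verbose "Attempting to retrieve current Active Directory domain context"
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
        Write-Verbose "Domain account check: Successfully retrieved domain '$($domain.Name)'. User is authenticated to AD domain."
        $true
    } catch {
        # Deliberately type-agnostic: any failure (no domain context, domain not
        # reachable, type unavailable on this platform) maps to $false. The
        # exception text is surfaced on the verbose stream for troubleshooting.
        Write-Verbose "Domain account check: Could not retrieve domain context. User is not authenticated to an AD domain. Error: $($_.Exception.Message)"
        $false
    } finally {
        # Domain implements IDisposable; release its directory handles promptly
        # instead of leaving them to the garbage collector.
        if ($null -ne $domain) {
            $domain.Dispose()
        }
    }
}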